[pkg-lxc-devel] Bug#947863: lxc: apparmor denied mount with unprivileged lxc

Johannes Schauer josch at debian.org
Wed Jan 1 16:13:50 GMT 2020


Hi,

Quoting Pierre-Elliott B├ęcue (2020-01-01 16:25:24)
> I'm sorry but lxc unprivileged containers can't run with any apparmor
> profile. You have to set this parameter to unconfined for your unprivileged
> containers. Setting a default profile for unconfined containers is a hard
> thing as only etc/default/lxc.conf is an option, but it'd also apply to
> privileged containers.

but I don't understand why this is a wontfix?

If lxc unprivileged containers cannot run with any apparmor profile, then why
do files like /usr/share/lxc/config/userns.conf not include a line like:

lxc.aa_profile=unconfined

Thanks!

cheers, josch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-lxc-devel/attachments/20200101/c6f5c63e/attachment-0001.sig>


More information about the Pkg-lxc-devel mailing list